1.安装必要组件:
yum install -y gcc openssl-devel pam-devel rpm-build
2.下载OpenSSH最新版本:
https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
在以上网站找到最新版链接并下载解压
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
tar -zxvf openssh-8.0p1.tar.gz
3.到openssh-7.5p1目录下编译并安装最新版OpenSSH:
./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-zlib --with-md5-passwords --with-tcp-wrappers
如果没报错则执行安装命令
make && make install
4.查看OpenSSH版本信息
ssh -V
5.修改配置
去掉此行#,如果想远程能够远程登录root用户
#PermitRootLogin yes
6.重启并处理异常
service sshd restart
如果出现以下异常
/etc/ssh/sshd_config line 81: Unsupported option GSSAPIAuthentication
/etc/ssh/sshd_config line 83: Unsupported option GSSAPICleanupCredentials
则注释掉相关行数即可。
第二种方法:
查看当前版本
# 默认ssh是 7.4 ,ssl是 1.0 . 2 sshd -v openssl version |
下载升级包
wget https: //www.openssl.org/source/openssl-1.1.1g.tar.gz wget https: //openbsd.hk/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz tar -zxvf openssl- 1.1 .1g.tar.gz tar -zxvf openssh- 8 .3p1.tar.gz |
安装依赖包
升级OpenSSL
# 备份 mv /usr/bin/openssl /usr/bin/openssl.bak # 编译、安装 cd openssl- 1.1 .1g ./config shared && make && make install cp -r include/openssl /usr/include/ ln -s /usr/local/bin/openssl /usr/bin/openssl ln -snf /usr/local/lib64/libssl.so. 1.1 /usr/lib64/libssl.so ln -snf /usr/local/lib64/libssl.so. 1.1 /usr/lib64/libssl.so. 1.1 ln -snf /usr/local/lib64/libcrypto.so. 1.1 /usr/lib64/libcrypto.so ln -snf /usr/local/lib64/libcrypto.so. 1.1 /usr/lib64/libcrypto.so. 1.1 # 重载库文件,检查版本 ldconfig openssl version |
升级OpenSSH
# 备份 cp /usr/bin/ssh /usr/bin/ssh.bak cp /usr/sbin/sshd /usr/sbin/sshd.bak mv /etc/ssh /etc/ssh.bak # 编译、安装 cd openssh- 8 .3p1 ./configure --prefix=/usr/ --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl --with-zlib --with-md5-passwords make && make install !!!!一定要加!!!! vim /etc/ssh/sshd PermitRootLogin yes # 修改启动文件和pam cp ./contrib/redhat/sshd.init /etc/init.d/sshd cp -a contrib/redhat/sshd.pam /etc/pam.d/sshd.pam mv /usr/lib/systemd/system/sshd.service /usr/lib/systemd/system/sshd.service_bak systemctl daemon-reload systemctl restart sshd systemctl status sshd |